Obad to the Bone: Sophisticated Malware

“Sophistication” is generally viewed by most as a good thing… Dom Perignon, Kate Middleton, fresh-pressed slacks—you get the picture. Unfortunately, when it comes to sophisticated malware, you’ll find things are far from classy. And recently, researchers have discovered what they’re calling “the most sophisticated mobile Trojan to date.” They call it “Obad,” and its keepers are infecting devices in Russia, Ukraine and Belarus with alarming speed. Who knows what damage it could do should it cross the Atlantic Ocean.

Whereas practicing safe searches and avoiding untrusted links can protect against most malware, the Obad Trojan is characterized by a number of distinctive elements that make it particularly difficult for the average user to spot. The effects of the Obad Trojan can include extremely high phone bills and a potential takeover of your phone. Here’s how Obad does it:

First of all, it’s well hidden. Obad exploits an Android vulnerability that gives it extended admin privileges on your mobile device, yet it does not show up in the Device Administrators list where apps holding those privileges are normally displayed. This makes it very difficult to find and delete. Second, it works remotely, forcing your phone to perform a variety of damaging tasks from afar, including sending unauthorized text messages to premium rate numbers, downloading and installing malicious apps, and harvesting sensitive information—such as your contact list.

While these two alone can be daunting for any mobile device owner to deal with, it’s the next item that makes this malware truly unique. Obad is the first Trojan to be spread by mobile botnets that were built on other existing malware. A botnet is a network of private computers (or in this case, smartphones and tablets) infected with malicious software and controlled by a cybercriminal without the knowledge of the device owners. This means that not only have the creators of Obad commanded their software to spread to whatever device it can attach itself to, they have also taken advantage of preexisting malware to increase its spread. They have essentially created a web of malware that increases in strength and trouble—a super-malware, so to speak.

The specific piece of malware that Obad has been found piggybacking on is called Opfake (a classic example of a text Trojan that is used by hackers to send out text messages without the phone owner’s consent). The creators of Obad take advantage of this feature to first infect devices with Opfake in order to amplify the spread of their own Trojan.

The attack begins with an unsolicited text message. The receiver gets a text message informing them that they have to click on a link to be taken to a site where a picture message is waiting to be viewed. The initial message is text only. But if you click on the link, rather than being taken to a site for viewing the promised “MMS picture message,” you’ll have Opfake malware installed on your device. Once installed, the Opfake malware will spam your entire address book with another text message—this time containing a link to the Obad Trojan. If your contacts decide to click the link in their message, the Obad Trojan will be installed on their device. This is a previously undocumented method for spreading malware, and it demonstrates the continuing creativity of some cybercriminals.

As mentioned above, the majority of Obad cases have been discovered in and around Russia, but that’s not to say this Android infection can’t spread further. Should this nasty malware find its way to the U.S., there are a few steps that you can take to proactively protect your mobile device:

Beware of text messages containing links. Even if you know the person who sent the message, be certain that they intended to send you a link before opening it. If the text message is from an unknown number or the link points to an unfamiliar website, do not click on it.

Turn off your Bluetooth when not in use. One of the ways that Obad will spread itself is through an infected device’s Bluetooth connection, latching onto another device in close proximity. A good practice is to switch off your Bluetooth when it’s not in use to save battery power and prevent unwanted malware from creeping into your device.

Update your Android operating system. Luckily, Google has made a patch for the security hole that allows Obad to go undetected by manipulating and exploiting “Device Administrator” privileges. Where available, your wireless provider should send you the update to Android version 4.3, which includes the fix. If your wireless carrier doesn’t yet have this OS version available, be sure to download McAfee’s Hidden Device Admin Protector. It’s free on Google Play, via the McAfee Security Innovations app, and will detect and remove applications that are hidden from the list of device administration applications.
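As an added illustration of the kind of check a protector app can make (example code written for this page, not McAfee’s tool or anything from the original post), the snippet below cross-references the admins the system actually considers active against the admin receivers a Settings-style listing would enumerate. It assumes that the Settings list is built from receivers registered for the device-admin action that carry the standard device-admin meta-data; that assumption is mine, not something the post states.

```java
import android.app.admin.DeviceAdminReceiver;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.content.pm.ResolveInfo;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/** Flags active device administrators that a Settings-style listing would not show. */
public final class HiddenAdminCheck {

    /**
     * Returns active admin components with no matching DEVICE_ADMIN_ENABLED receiver
     * entry. Assumption (not from the post): the Settings list is derived from such entries.
     */
    public static List<ComponentName> findHiddenAdmins(Context ctx) {
        DevicePolicyManager dpm =
                (DevicePolicyManager) ctx.getSystemService(Context.DEVICE_POLICY_SERVICE);
        PackageManager pm = ctx.getPackageManager();

        // Everything the system currently treats as an active administrator.
        List<ComponentName> active = dpm.getActiveAdmins();
        if (active == null) {
            return new ArrayList<>();
        }

        // Receivers declared for the device-admin action that carry the device-admin meta-data.
        Intent probe = new Intent(DeviceAdminReceiver.ACTION_DEVICE_ADMIN_ENABLED);
        Set<ComponentName> listed = new HashSet<>();
        for (ResolveInfo ri : pm.queryBroadcastReceivers(probe, PackageManager.GET_META_DATA)) {
            if (ri.activityInfo != null && ri.activityInfo.metaData != null
                    && ri.activityInfo.metaData.containsKey(DeviceAdminReceiver.DEVICE_ADMIN_META_DATA)) {
                listed.add(new ComponentName(ri.activityInfo.packageName, ri.activityInfo.name));
            }
        }

        // An admin that is active but absent from the listable set is invisible to the user.
        List<ComponentName> hidden = new ArrayList<>();
        for (ComponentName admin : active) {
            if (!listed.contains(admin)) {
                hidden.add(admin);
            }
        }
        return hidden;
    }
}
```

Any component returned here holds admin privileges the user cannot see or revoke from the normal screen, which is exactly the condition the post describes and the reason a dedicated removal tool is needed.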

Safeguard your device with complete security protection. One surefire way to protect against even the most sophisticated of Trojans is to install McAfee LiveSafe™ service. This comprehensive security software guards all of your smartphones, tablets, PCs, and laptops from malware. It blocks spam and dangerous email, and it prevents hackers from gaining unauthorized access to your personal data.

To stay updated on Obad Trojan developments and other security news, follow @McAfeeConsumer and like us on Facebook.